CVE-2011-0718

CWE-287 — Improper Authentication6 documents5 sources

Severity

5.8MEDIUM

EPSS

0.5%

top 33.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Network Satellite Server

Timeline

PublishedFeb 25

Latest updateMay 17

Description

Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt, which makes it easier for remote attackers to conduct brute force password guessing attacks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDredhat/network_satellite_server5.4

🔴Vulnerability Details

GHSA

GHSA-jh92-c236-hm8p: Red Hat Network (RHN) Satellite Server 5↗2022-05-17

▶

CVEList

CVE-2011-0718: Red Hat Network (RHN) Satellite Server 5↗2011-02-25

▶

📋Vendor Advisories

Red Hat

Spacewalk: Prone to brute force password guessing attacks↗2011-02-23

▶

💬Community

Bugzilla

CVE-2011-0717 CVE-2011-0718 spacewalk-backend various flaws [fedora-all]↗2011-02-23

▶

Bugzilla

CVE-2011-0718 Satellite, Spacewalk: Prone to brute force password guessing attacks↗2011-01-24

▶